---
# Source: cilium/templates/hubble-generate-certs-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
  name: hubble-generate-certs
  namespace: kube-system
  labels:
    k8s-app: hubble-generate-certs
spec:
  schedule: "0 0 1 */4 *"
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        metadata:
          labels:
            k8s-app: hubble-generate-certs
        spec:
          serviceAccount: hubble-generate-certs
          serviceAccountName: hubble-generate-certs
          containers:
            - name: certgen
              image: "{{ cilium_hubble_certgen_image_repo }}:{{ cilium_hubble_certgen_image_tag }}"
              imagePullPolicy: {{ k8s_image_pull_policy }}
              command:
                - "/usr/bin/cilium-certgen"
              # Because this is executed as a job, we pass the values as command
              # line args instead of via config map. This allows users to inspect
              # the values used in past runs by inspecting the completed pod.
              args:
              {% for key, value in cilium_certgen_args.items() -%}
                - "--{{ key }}={{ value }}"
              {% endfor %}

          hostNetwork: true
          restartPolicy: OnFailure
      ttlSecondsAfterFinished: 1800
